HTML source in perl

**druss** · 01-16-2003 11:48 PM

im working on an encryption script in perl however the problem is that when it decrypts the encryption it writes the real html source, is there a way in perl to hide the source when someone goes to view sorce is it only possible to do so in javascript??

Thanks
Goran Sterjov

**jeffmott** · 01-17-2003 06:57 AM

Do you mean the final Perl output sent to the user? No. A browser sees no difference if it receives its content from a static page or dynamic program. So this is no different from trynig to hide your source for any other page, which cannot be done.

**AdamGundry** · 01-18-2003 06:10 AM

You cannot hide the HTML source, but you can make it close to indecipherable. Check out this tool:

http://www.dynamicdrive.com/dynamicindex9/encrypter.htm

Adam

**jeffmott** · 01-18-2003 08:49 AM

And also very easily recoverable. All someone would have to do is change document.write to someTextArea.value (generally speaking) to see the results. It also makes your page *completely* dependent on the user having scripting enabled.

**druss** · 01-18-2003 09:26 AM

hmm. well then is there anyway to stop a user from downloading a javascript file directly rather than through the <script src="">.

i have tried doing it with htaccess and htpasswrd however everytime the user loads the page they need a password.

Thanks
Goran

**jeffmott** · 01-18-2003 10:28 AM

JavaScript is executed client-side, which means for their machine to be able to execute the code at all it has to be able to download it. And once it's on the user's machine there is nothing more you can do. There is why JavaScript is not a means to do anything securly.

**druss** · 01-18-2003 06:14 PM

bugger!!

welll then is there any other way to not show the final output hrough asp or php etc.

or what if i were to do this:
<script src="scripts/decrypt.dat"></script>

would that work? since its a data file with variables in it.

Thanks Again
Goran

**jeffmott** · 01-18-2003 06:30 PM

Not for HTML, JavaScript, or anything else parsed client-side. Because in the end the browser on the user's machine must have this available in a readable form. Otherwise your markup doesn't render and your scripts won't execute. And if the code is available and readable on the user's machine, obviously the user will be able to read it. All you can do is on the server-side decide what to send back to the user and what not to.

**druss** · 01-18-2003 06:56 PM

ok, then for the last question

my javascript is protect by a perl anti leech script.

so the html code looks like this
<script src="leech.cgi?decrypt"></script>

it works fine too

however does the javascript file go on the system once its loaded, or is that safe enough and no one can get the javascript (besides hackers that is)

Thanks Again - You've been a great help
Goran Sterjov

**jeffmott** · 01-18-2003 08:36 PM

however does the javascript file go on the system once its loaded

Yes, because whatever output leech.cgi?decrypt produces gets sent to the user, otherwise their browser can't run it. This is why nothing client-side can be kept secure, whether it be markup, programming, text, or images.

Thread: HTML source in perl

Thread Tools

Display

HTML source in perl

Thread Information

Users Browsing this Thread

Bookmarks

Bookmarks

Posting Permissions